Well. If you have made it here to my site you must have noticed that it hasn’t been updated for a long time.
And it will continue to be like that since I have started my new blog at http://gjohansson.com instead to reflect my thoughts and other about my work with IT.

It took me some time more than just last weekend to checkout the tool delivered from MS but hereÂ are my first thoughts about this tool.

First a print screen of the program:

Until today I have only run the program on two domain controllers so I haven’t really tested the tool completely but I have found some parts which you might find interesting.

First of all you should check the page named Critical Issues of course.
For me I got two errors here when I tried on my DC.

Incorrect permissions on Default Domain Controller Policy

DFS service not running on [MACHINE]

About the first error it complained about “Enterprise Domain Controllers” security group didn’t have the “Apply Group Policy” access which was correct so I now recieved this information and could open GPMC and correct the error.

Second error I’m a bit confused about since on Windows 2003 (and earlier) normally don’t have DFS running (ifÂ you don’t configure it of course). It’s using FRS for replication of SYSVOL and not DFS. I think this is a mistake from MS because I suspect the tool also has been designed with Windows Server 2008 kept in mind since it’s using DFS-R and not FRS and I think that’s why it’s watching the status of this service.

If you continue at “All Issues” you can find even more information. Some parts are information and some parts errors. I got a lot of errors which I don’t really understand. For example it complained about that:

I’m not using Roaming profiles!?!?

Offline Files disabled using reg-key (on a Domain Controller)!?!?

It complained that two out of four of my group policies (which affects my DC’s) had their user settings disabled!?!?

However the tool has also “Tree reports” which tells you a lotÂ about your GPO’s so if you know what you are doing you can find some usefulÂ information about your GPO’s in this tool instead of searching for it using AdsiEdit for example.

As conclusion you can say that the tool has some improvements that need to be done before you can fully benefit from it but it’s a great start if you aren’t using anything today and I would recommend everyone to check it out and at least see if it tells you if you have any errors.

There are some other tools available on the market which you might want to check you if you don’t find this tool useful enough. You can find links on the Group Policy homepage

Two days ago Microsoft released a new tool “Microsoft Group Policy Diagnostic Best Practice Analyzer (GPDBPA)”

This tool is used for collecting data about your Group Policy configuration environment, or as stated in the KB:

To search for common configuration errors

To discover and to diagnose problems

To collect data for archiving

I will give the tool a closer look tomorrow and run against some test machines to see what it gives me back but in the meantime here is the links and the KB for this new tool.Note: I’m not sure if it’s ment to be or not but the tool is only available in english and wont run on any other computer with a different language.